I'm working on setting up a test environment with Windows 11 Enterprise that's only Entra joined. The hostname of my machine is DESKTOP-1234. I'm able to RDP into it using the mtstc client with web account sign-in enabled, which is great. The catch is that the machine has multiple network interface cards (NICs); one is a 2-port 10 gig and the other is a 2-port 1 gig. I want the ability to connect to the machine via RDP through different NICs in case one fails. Typically, I'd create multiple DNS entries like `desktop-1234-10g1.management.lan`, `desktop-1234-10g2.management.lan`, and so on. However, doing this seems to break Network Level Authentication (NLA) because the machine's hostname doesn't match the fully qualified domain name (FQDN) I'm using to connect. Is there a better way to manage this setup?
2 Answers
The root of your issue is trying to connect using a name that doesn't match your machine's actual FQDN, which confuses NLA. Instead of creating separate DNS names for each NIC, focus on configuring your network so that your chosen hostname resolves to the active NIC's IP address. This way, NLA can authenticate properly without all the complications.
You might want to modify your hosts file on the client side for each NIC. This way, you can manually ensure that the client resolves the correct IP based on the NIC you want to connect through. Just keep in mind, this might not be the most scalable solution if you have to manage a lot of clients.
That's a good workaround! But I'm curious if there are more scalable methods to do this.
That's an interesting angle! I was considering making multiple A records for the same name pointing to different IPs. But since I'm using Ubiquiti's DNS, flexibility is limited. Still, it seems doable.